PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel

Compliance Made Simple
PCAOB Audit
Alert #11 & Excel Tango
Updating your internal controls to the new standards
Sept. 24, 2014
Presented by:
Sonia Luna &
Rohn Martino

Agenda
• Part II Reports Exposed
– Lessons Learned
– How Excel Impacts
failed areas
• PCAOB –Alert#11
– Common Audit Failures
– Level Of Precision
– Old Vs. New
– Key Report Testing
• Resources
– COSO Implementation
LinkedIN Group
– CCA & Excel
Diagnostic
• Questions
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
2

Polling Question 1
Have you started to update your
controls using the new PCAOB Audit
Alert #11 Standards?
Where am I? %age
A Running to Finish Line 75%
B Getting There 50%
C Formulating a Plan 25%
D Not Started 0%
3

New PCAOB Auditing BAR!
• Caused audit procedure
layering
• More in-depth written
description of estimates and
use of judgment, especially
review controls
• Detailed documentation and
testing of system reports utilized
in performance of controls.
4

External Audit Firm: Closing The Books
(Findings)
5

Closing The Books [Contd.]
Source: PCAOB Audit Alert #11 (Oct. 2013)
6

Level of precision in Plain English?
• How detailed is management’s review of
journal entries?
• Document your thought process
– Dollar Threshold
– Percentage of Revenue
– Geographic Location
– Lines of Business
– Other Risk Factors
– Timing
7

Good isn’t good enough
good v. NEW PCAOB control Language
Older Language (“OK”)
Quarterly, Controller reviews the AR
allowance for adequacy and
reasonableness of reserve amounts by
initialing and dating the “AR reserve”
analysis.
8

Good isn’t good enough
good v. NEW PCAOB control Language
Older Language
(“OK”)
Quarterly, Controller
reviews the AR
allowance for
adequacy and
reasonableness of
reserve amounts by
initialing and dating
the “AR reserve”
analysis.
Audit Controller initials &
Match Total $ = DONE!
9

NEW PCAOB control Language
“new standards for control language”
Older Language
(“OK”)
Quarterly,
Controller reviews
the AR allowance
for adequacy
and
reasonableness of
reserve amounts
by initialing and
dating the “AR
reserve” analysis.
Updated Control (“Better”)
Quarterly, Controller reviews AR
balances of significant customers with
o/s balances greater than $10K and
5% of AR balance and those under
that threshold by customer type (e.g.
geographical location, types of orders,
etc.), to review the AR allowance for
accuracy and completeness.
Adjustments, if needed, are sent via
email to the AR manager, final review
of the AR reserve analysis is initialed
and dated by the Controller which
agrees to the final g/l balance for the
period.
10

Documentation in Excel
• Notate use of a threshold for review
– What is sufficient?
• What other considerations are key?
• How to document Management’s review?
• Every reviewer is different
– Depth of review Manager vs. Controller
11

Excel Risk Assessments
Key Steps:
Step 1: Inventory your spreadsheets
Step 2: In-scope worksheets, rate them (see below)
12

Evaluate & Testing
Strategies (High/Mod/Low)
13

Testing Sample – lead sheet
14

Automate Internal Controls for Excel
CIMCON Software
provides a complete
set of tools to automate
your internal controls:
• XLRisk for Discovery,
Risk Assessment and
Link Mapping
• XLAudit for
remediation of High
Risk Files
• SOX-XL for Change
Management,
reviews and
approvals
15

Automated Spreadsheet Inventory
• Scan network
locations,
SharePoint,
workstations
• Create
Inventory by
Department
• File Details
Scanned
– # of
Formulas
– # of Links
– # of
Macros
– Invisible
Cells
– Keywords
– Hidden
Rows
– Over 30
more
16

Spreadsheet Risk Assessment
Identify the High, Medium and Low Risk spreadsheets
in each department based on their Complexity,
Materiality, and Criticality.
17

Spreadsheet Risk Assessment
For each High Risk
spreadsheet,
analyze its Risk
Scorecard and the
factors that make
it high risk.
18

Data Lineage
• All Links
Captured to
Illustrate How
Data Flows
Within a Model
• Link Status is
Checked and
Displayed.
Broken Links
are highlighted.
• All File Types
Shown
19

Formula and Cell Analysis
• Highlight Issues Directly Within the Spreadsheet
• Analyze Formulas for Errors, Best Practice, Logical
20
Issues.
– Formulas With Constants
– Inconsistent Formulas
– Invisible Cells
– Numbers Formatted as Text
– Over 50 Analyses

Reporting and Documentation
• Workbook Analysis Report
Generate reports that
documents all the attributes of
the spreadsheet.
• Heat Map Report
Highlights possible issues or errors
within the spreadsheet that may
require remediation.
– Broken Links
– Invisible Cells
– Formulas with Constants
– Formulas with Absolute Cell
References
– Cells with Errors
– Numbers stored as text
21

Change Control
• Track all significant changes to the spreadsheet including
changes to calculations, links, macros and queries.
• Set up email alerts, .exceptions or reporting on critical changes
22

Version Control
• Create snapshots of
spreadsheets at key
points in time (e.g.
after Financial Close).
• Compare any 2
snapshots (e.g.
compare today’s
version with last
month’s approved
version) to speed up
reviews and
approvals.
23

Management Review
Implement a structured, secure and
fully documented review process,
with management dashboards that
speed reviews and financial close.
24

Benefits
For Excel Owners and Approvers: Implements a structured
process to manage Excel to reduce errors, identify high
risk files, and speed approvals at the time of financial
close, using automated tools for file compare, audit trails
and reports. Automated system for logic inspection,
detection and removal of errors, and spreadsheet
documentation eases compliance with policies and
procedures.
For Auditors: Reduces cost from tedious and time-consuming
audits of manual processes.
For Management: Reduce risk from spreadsheet errors
that can cause huge losses, loss of reputation and stock
price, using Management Information dashboards where
risky activity is immediately highlighted.
25

Conclusion
The CIMCON Suite of tools implements a Spreadsheet
Management Process that is:
26
Traceable
Repeatable
Accountable
Auditable
Consistent

COSO Implementation Group
Join Our LinkedIn Group
COSO Framework Discussion & Webinars
Technical Community sharing Ideas ,Templates,
WEBINARS, Advise and Learn from others implementing
new framework.
JOIN Today!
http://www.linkedin.com/groups/2013-COSO-Implementation-
4888186/about
27

Control Compliance Analysis (“CCA”)
Email us for 5 SPOTS ONLY:
Info@avivaspectrum.com
Subject: CCA
CCA
Report
In-take Benchmark
28

Free Excel Toolkit ($400 Value)
• Visual logic inspection
• Highlight errors in seconds
• Documentation and Map Links
• Over 50 Different Analyses
First 5 people to email us will
win a free copy of XLAudit
(limit 1 license per company):
Info@avivaspectrum.com
Subject: XLAUDIT
29

Send Questions
Sonia Luna- President, CEO
Aviva Spectrum
www.linkedin.com/in/sonialuna
www.slideshare.net/soxppt
www.avivaspectrum.com/podcast
s
30

Connect with Rohn
31
Rohn Martino
Sr. Manager, Sales and Marketing
CIMCON Software
rmartino@cimcon.com
www.linkedin.com/in/rohnmartino
www.sarbox-solutions.com
(978) 692-9868 Ext. 222

PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel

Similar a PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel (20)

Más de Aviva Spectrum™

Más de Aviva Spectrum™ (14)

Último

Último (20)

PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel

Notas del editor